OWASP: The Free Resource For Website Security

One of the problems when it comes to application security in the Wild West of the World Wide Web is how expensive it can be. According to the website Imagine IT, businesses can spend around ten percent of the annual IT budget on application security on the web, so working to defend your website can be incredibly costly. When it comes to defending web applications, there needs to be a way to be able to provide individuals and larger organizations with the tools necessary to defend their web apps and websites without having to break the budget. Web app security needs to be something that is freely available to the general public and fortunately, there is a man back in 2001 who agreed that web security and securing applications during the web development process should be something anyone with a computer should access. Thanks to Mark Curphey, web security can be free!

Mark Curphey was the man who, in September of 2001, created the non-profit organization known as OWASP, or the Open Worldwide Application Security Project if you want to go with the full name. The goal of this organization was to produce an online community that creates free articles, methodologies, documents, tools, and technologies for the field of web application security to help those without deep pockets get the resources they need to defend their websites and their web apps. While providing tools for people around the globe, the group was originally only based in the United States and it took three years for OWASP to officially be registered as a 501(c)(3) non-profit organization in the US. Yet by 2011, OWASP became registered as a non-profit in Belgium under the name OWASP Europe, giving the company a presence outside of the US and a seat in another location that is at the heart of IT technology!

OWASP has been a pretty effective organization and it has even gotten an award from Haymarket Media Group’s SC Magazine - a magazine that was created for cybersecurity professionals and amateurs to give in-depth news and analysis in the field of IT Security - back in 2014! It has given lists of the Top 10 security risks for APIs, web apps, and other programs related to web development every single year since 2003! It also provides a practical development guide for various popular web tools & web languages such as PHP, J2EE, and ASP.Net; a guide for reviewing code; information on how to speed up and automate application security programs; and guides for penetration testing for seeing how powerful your security for your web apps is when it comes to external attacks from hackers and malware!

While OWASP is a very important organization and can help people who need to give proper security to their web development projects in an open-source manner, there seem to be internal issues that have threatened to make OWASP a less effective organization in the modern cybersecurity landscape. According to an open letter signed by dozens of members, contributors, and supporters have questioned the viability of OWASP in the modern internet since OWASP - according to the letter - is losing its ability to keep pace with the modern landscape of web security and the growing threats appearing from both amateur & state actors. This letter was published in February of this year and raises concerns due to a lack of changes to keep OWASP relevant, stating that  “The gap between what our projects and the community around them want, and the support that OWASP provides, continues to grow wider.”

With these issues, I hope OWASP is able to fix its issues and continue to provide free web security services for the developers of tomorrow. This group helped to revolutionize web development security by making these tools free and creating an active community dedicated to making sure anyone can protect their digital systems, no matter if they had plenty of money or none at all!